CVE

Id
86245  
CVE No.
CVE-2015-8968  
Status
Candidate  
Description
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories.  
Phase
Assigned (20161102)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
758136 86245 CVE-2015-8968 MISC:https://github.com/square/git-fastclone/pull/2  View
758137 86245 CVE-2015-8968 MISC:https://hackerone.com/reports/104465  View
758138 86245 CVE-2015-8968 BID:81433  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
615 JVNDB-2016-001388 複数の Microsoft 製品における権限昇格の脆弱性 複数の Microsoft 製品は、DLL のロードを誤って処理するため、権限を取得される脆弱性が存在します。 CVE-2016-0041 86245 7.2 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001388.html  View